diff options
Diffstat (limited to 'core/modules/pam/data/etc/pam.d/common-account')
-rw-r--r-- | core/modules/pam/data/etc/pam.d/common-account | 28 |
1 files changed, 3 insertions, 25 deletions
diff --git a/core/modules/pam/data/etc/pam.d/common-account b/core/modules/pam/data/etc/pam.d/common-account index 4c464871..6694c6f7 100644 --- a/core/modules/pam/data/etc/pam.d/common-account +++ b/core/modules/pam/data/etc/pam.d/common-account @@ -1,25 +1,3 @@ -# -# /etc/pam.d/common-account - authorization settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authorization modules that define -# the central access policy for use on the system. The default is to -# only deny service to users whose accounts are expired in /etc/shadow. -# -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. -# - -# here are the per-package modules (the "Primary" block) -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -# here's the fallback if no module succeeds -account requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -account required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config +account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so +account requisite pam_deny.so +account required pam_permit.so |